(57) Abstract

A global server (106) includes a communications engine for establishing a communications link with a client (114a); security means coupled to the communications engine for determining client privileges; a servlet host engine coupled to the security means for providing to the client (114a), based on the client privileges, an applet which enables I/O with a secured service (110a); and a keysafe for storing a key which enables access to the secured service (110a). The global server may be coupled to multiple sites, wherein each site provides multiple services. Each site may be protected by a firewall (116). Accordingly, the global server stores the keys for enabling communication via the firewalls (116) with the services (110a).



BNSDOCID: <WO 0011832A1_I_>








WO 00/11832 PCT/US98/17410

SYSTEM AND METHOD FOR ENABLING SECURE ACCESS TO SERVICES IN A COMPUTER NETWORK



BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates generally to computer networks, and more particularly to a system and method for enabling secure access to services in a computer network.

2. Description of the Background Art

In its infancy, the Internet provided a research-oriented environment where users and hosts were interested in a free and open exchange of information, and where users and hosts mutually trusted one another. However, the Internet has grown dramatically, currently interconnecting about 100,000 computer networks and several million users. Because of its size and openness, the Internet has become a target of data theft, data alteration and other mischief.

Virtually everyone on the Internet is vulnerable. Before connecting, companies balance the rewards of an Internet connection against risks of a security breach. Current security techniques help provide client and server authentication, data confidentiality, system integrity and system access control.

The most popular of the current security techniques is a firewall, which includes an intermediate system positioned between a trusted network and the Internet. The firewall represents an outer perimeter of security for preventing unauthorized communication between the trusted network and the Internet. A firewall may include screening routers, proxy servers and application-layer gateways.

For users on the Internet to gain access to protected services on the trusted network, they may be required to provide their identity to the firewall by some means such as entering a password or by computing a response to a challenge using a hardware token. With proper authentication, the user is allowed to pass through the firewall into the local network, but is typically limited to a predetermined set of services such as e-mail, FTP, etc. Some local network managers place just outside the firewall a server, often referred to as a "sacrificial lamb", for storing non-confidential data which is easily accessible by the remote user but providing little security.

A De-Militarized Zone, or DMZ, sits between two firewalls protecting a trusted network. The external firewall protects servers in the DMZ from external threats while allowing HyperText Transfer Protocol (HTTP) requests. The internal firewall protects the trusted network in the event that one of the servers in the DMZ is compromised. Many companies use DMZs to maintain their web servers.

Another security technique for protecting computer networks is the issuance and use of public key certificates. Public key certificates are issued to a party by a certificate authority, which via some method validates the party's identity and issues a certificate stating the party's name and public key. As evidence of authenticity, the certificate authority digitally signs the party's certificate using the certificate authority's private key.

When a user via a client computer connects to a server, the client computer and server exchange public key certificates. Each party verifies the authenticity of the received certificates by using the certificate authority's public key to verify the signature of the certificate. Then, by encrypting messages with the server's public key the user can send secure communications to the server, and by encrypting messages with the user's public key the server can send secure communications to the user. Although any party might present a public key certificate, only the real user and the real host have the corresponding private key needed to decrypt the message. Examples of authentication and key distribution computer security systems include the Kerberos™ security system developed by the Massachusetts Institute of Technology and the NetSP™ security system developed by the IBM Corporation.

These security techniques do not solve problems associated with the roaming (traveling) user. For the roaming user, maintaining identification and authentication information such as passwords, certificates, keys, etc. is a cumbersome process. Further, accessing multiple systems requires multiple keys, which often are too complex to track and use. Also, direct access to systems behind firewalls compromises security. Therefore, a system and method are needed to enable remote access to computer services easily and securely.

SUMMARY OF THE INVENTION

The present invention provides a system and method for enabling secure access to services in a computer network. The network system includes a global server coupled via a computer network to computer services. The global server includes a communications engine for establishing a communications link with a client; security means coupled to the communications engine for determining client privileges; a servlet host engine coupled to the security means for providing to the client, based on the client privileges, an applet which enables I/O with a secured service; and a keysafe for storing keys which enable access to the secured services. The global server may be coupled to multiple sites, wherein each site provides multiple services. Each site may be protected by a firewall. Accordingly, the global server stores the keys for enabling communication via the firewalls with the services.

The method includes the steps of establishing a communications link with a client; identifying and authenticating the client; determining client privileges; providing to the client, based on the client privileges, an applet which enables I/O with a secured service; and retrieving a key which enables access to the secured service.

The system and method of the present invention advantageously provide a globally-accessible trusted third party, i.e., the global server. This trusted third party securely stores keys, and acts as a single identification and authentication service. Other systems may be accessed through the global server. The global server uses the stored keys to authenticate the user under an identity that is understood by the other system's existing security services, and establishes a secure communications channel to the desired service. Because of a global firewall, the global server is substantially protected from external threats. Accordingly, the global server provides authorized clients with secure communication through firewalls with services. The global server may enable multiple levels of identification and authentication services. Accordingly, the global server may enable multiple levels of resource access based
on the user's status, the strengths of the identification and the authentication and on the privacy of the communications channel.

Because of the global firewall and the identification and authentication services performed by the global server, corporations can store relatively secret information on the global server for use by authorized clients. Yet the present invention also enables corporations to maintain only a portion of their secret information on the global server, so that there would be only this limited loss should the trusted third party system be compromised. Further, the global server advantageously may act as a client proxy for controlling access to services, logging use of keys and logging access of resources.
BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating a roaming-user network access system, in accordance with the present invention;

FIG. 2 is a block diagram illustrating details of an example client of FIG. 1;

FIG. 3 is a block diagram illustrating details of the global server of FIG. 1;

FIG. 4 is a block diagram illustrating details of an example service server of FIG. 1;

FIG. 5 is a flowchart illustrating a method for remotely accessing a secure service;

FIG. 6 is a flowchart illustrating details of the FIG. 5 step of creating a link between a client and the global server;

FIG. 7 illustrates an example web page;

FIG. 8A is a flowchart illustrating details of the FIG. 5 step of accessing a service in a first embodiment;

FIG. 8B is a flowchart illustrating details of the FIG. 5 step of accessing a service in a second embodiment; and

FIG. 8C is a flowchart illustrating details of the FIG. 5 step of accessing a service in a third embodiment.




DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

FIG. 1 is a block diagram illustrating an exemplary roaming-user network access system 100 in accordance with the present invention. System 100 includes an interconnected network of computers referred to herein as an "internet" 102. System 100 includes a first company network 112, a second company network 118, a kiosk network 138 and an Internet Service Provider (ISP) network 143, each network being coupled to the internet 102.

Company network 112 includes a firewall 116 coupled between the internet 102 and a client computer 114a. Company network 118 includes a firewall 120 coupled between the internet 102 and a network signal bus 126. Company network 118 further includes a first server 108a for providing a first service 110a, a second server 108b for providing a second service 110b, a first client computer 114b storing a program for providing a third service 110c and a second client computer 114c, each being coupled to signal bus 126. Example services 110a-110d include an e-mail service program, an address book service program, a calendaring service program, a paging service program, and a company database service program.

The kiosk network 138 includes a first client computer 114d and a second client computer 114e, each being coupled to the internet 102. The ISP network 143 includes an ISP server coupled via a wireless channel 146 to a client computer 114f and coupled via modems 152 and 156 and via transmission line 154 to a second client computer 114g.

The global server 106 is protected by a global firewall 104 and includes a server 108c for providing a service 110d. Intercommunication between client computers 114a-114g and services 110a-110d is accomplished via the global server 106. For example, if a user of any one of the client computers 114a-114g wants to access a service 110a-110d provided at a location within system 100 that is unknown to the user, then the user applies a known Uniform Resource Locator (URL) to access a web page operated by global server 106. An example web page 700 is shown in and described with reference to FIG. 7. The global firewall 104 protects the global server 106 from external threats.
Before obtaining access privileges to the functionality provided by the global server 106, the user must first obtain authorization from the global server 106. Obtaining authorization typically requires user identification and authentication, for example, using public-key certificates. Once authenticated, the global server 106 provides the user with access to the services 110a-110d. It will be appreciated that varying levels of access to services 110a-110d will be granted based on varying strengths of identification and authentication and on the privacy of the communications channel.

To enable user access to and control of the services 110a-110d, the global server 106 may use conventional applets, servlets or agents in a distributed network environment, such as the Java™ distributed environment produced by the Netscape Corporation. The global server 106 provides the user's client with access to and control of the service 110a-110d. The global server 106 may redirect the user's client to access the service 110a-110d itself, the global server 106 may access the service 110a-110d itself and provide I/O to the client by proxy, or the global server 106 may provide the service 110a-110d itself. These three different modes of access to the services 110a-110d are described with reference to FIGs. 8A-8C.

The global server 106 maintains the network addresses of all the services 110a-110d, the user's public and private keys, the user's account numbers, firewall authentication information, etc. Firewall authentication information includes the necessary identification, passwords and certificates needed to pass firewalls 116 and 120. Accordingly, the user need only maintain the URL of the global server 106, and identification and authentication information such as a password or hardware token for obtaining access to the functionality of the global server 106. Thus, the roaming user can access computer services 110a-110d using any computer terminal which is connected to the Internet 102.

FIG. 2 is a block diagram illustrating details of a client computer 114, such that each of clients 114a-114d is an instance of the client 114. The client 114 includes a Central Processing Unit (CPU) 210 such as a Motorola Power PC® microprocessor or an Intel Pentium® microprocessor. An input device 220 such as a keyboard and mouse, and an output device 230 such as a Cathode Ray Tube (CRT) display are coupled via a signal bus 240 to CPU 210. A communications interface 250, a data storage device 260 such as Read Only Memory (ROM) or a magnetic disk, and a Random-Access Memory (RAM) 270 are further coupled via signal bus 240 to CPU 210. The communications interface 250 of client computer 114 is coupled to the Internet 102 as shown in and described with reference to FIG. 1.

An operating system 280 includes a program for controlling processing by CPU 210 and is typically stored in data storage device 260 and loaded into RAM 270 for execution. Operating system 280 includes a communication engine 282 for generating and transferring message packets to and from the internet 106 via the communications interface 250.

Operating system 280 further includes an internet engine such as a web browser 284, e.g., the Netscape™ web browser produced by the Netscape Corporation or the Internet Explorer™ web browser produced by the Microsoft Corporation. The web browser 284 includes an encryption engine 285 for encrypting messages using public and private keys and an applet engine 286 for executing applets 288 downloaded from the global server 106 to enable the access to computer services 110a-110d. Downloaded applets 288 may include security applets 290 for performing services such as user identification and authentication, message integrity services, and certificate verification. The browser 284 further receives web page data (391, FIG. 3), configuration data 390 and information identifying a set of selectable services 110a-110d, and uses the information to display the web page (700, FIG. 7). The web browser 284 enables a user via the client 114a-114g to select one of the services 110a-110d for execution.

It will be appreciated that a client 114a-114g such as client 114b may include a service engine 490 (see FIG. 4) for providing a service 110a-110d such as service 110c. Thus, it is possible for a client 114b user to request access to service 110c via the global server 106, without knowing that the service 110c is provided by client 114b. Accordingly, the global server 106 will provide client 114 with an applet 288 for providing user interface I/O of service 110c back to client 114b.



FIG. 3 is a block diagram illustrating details of the global server 106, which includes a CPU 310 such as a Motorola Power PC® microprocessor or an Intel Pentium® microprocessor. An input device 320 such as a keyboard and mouse, and an output device 330 such as a CRT display are coupled via a signal bus 340 to CPU 310. A communications interface 350, a data storage device 360 such as ROM or a magnetic disk, and a RAM 370 are further coupled via signal bus 340 to CPU 310. The communications interface 350 is conventionally coupled as part of the Internet 102 to the clients 114. Although the global server 106 is described as a single computer, it will be appreciated that the global server 106 may include multiple computers networked together.

Operating system 380 includes a program for controlling processing by CPU 310, and is typically stored in data storage device 260 and loaded into RAM 370 for execution. Operating system 380 includes a communication engine 382 for generating and transferring message packets to and from client computers 114 via the communications interface 350.

Operating system 380 further includes, as part of global firewall 104, security services 384 for opening a communications channel with users. For example, when a client attempts to access the global server 106, the security services 384 first determine whether the global server 106 accepts in-bound communications from a particular port (not shown) and whether the servlet host engine 386, described below, is authorized to connect to that particular port. If so, the security services 384 allow the communications engine 382 to open a communications channel via the particular port to the client 114a-114g. Otherwise, no channel will be opened.

The operating system 380 further includes a web engine 387 which, based on the user's identification, the strength of the user's authentication and the privacy of the communications channel, forwards web page data 391 and information identifying a set of available services 110a-110d to the client 114a-114g. An example web page 700 is shown and described with
reference to FIG. 7. The web engine 387 enables a user to select a service 110a-110d from the web page 700.

The web engine 387 includes a servlet host engine 386, which downloads security applets 290 including an authentication applet (not shown) to the client computer 114 and accordingly executes an authentication servlet 397 of servlets 398 for performing identification and authentication services. The authentication applet 290 prompts the user for identification and authentication information, and then communicates the information to the authentication servlet 397. The authentication servlet 397 verifies that the information is correct. It will be noted that the user's authentication information is not necessarily sent to the authentication servlet 397, but rather its existence and correctness is proven via a secure means such as a secure hash. The servlet host engine 386 further includes a secure communications engine 396 which may use public key certificates to negotiate a secure communications channel with the client computer 114.
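The exchange just described, in which the authentication applet proves that it holds the user's secret without ever sending it to the authentication servlet, can be modelled with a salted one-way verifier on the server and a nonce-keyed HMAC from the client. The following is an added example written for this page; it is not code from the patent, and the class names, the PBKDF2 verifier derivation, the single-use nonce and the sample user record are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple

# Constructed example (not from the patent): the global server keeps a salted,
# one-way verifier per user, never the clear-text password.
PBKDF2_ITERATIONS = 100_000


def make_verifier(user_id: str, password: str, salt: bytes) -> bytes:
    """Derive the stored verifier; the clear-text password is then discarded."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt + user_id.encode(), PBKDF2_ITERATIONS
    )


class AuthenticationServlet:
    """Server side (stands in for authentication servlet 397): hands out a fresh
    nonce per attempt and checks the returned proof against the verifier."""

    def __init__(self, records: Dict[str, Tuple[bytes, bytes]]):
        self._records = records                 # user_id -> (salt, verifier)
        self._pending: Dict[str, bytes] = {}    # user_id -> outstanding nonce

    def challenge(self, user_id: str) -> Tuple[bytes, bytes]:
        salt, _ = self._records[user_id]
        nonce = os.urandom(16)                  # unpredictable and single-use
        self._pending[user_id] = nonce
        return salt, nonce

    def verify(self, user_id: str, proof: bytes) -> bool:
        nonce = self._pending.pop(user_id, None)  # consumed: a replay finds none
        if nonce is None:
            return False
        _, verifier = self._records[user_id]
        expected = hmac.new(verifier, nonce, "sha256").digest()
        return hmac.compare_digest(expected, proof)  # constant-time comparison


class AuthenticationApplet:
    """Client side (stands in for authentication applet 290): re-derives the
    verifier locally and answers the nonce; the password never leaves the client."""

    def __init__(self, user_id: str, password: str):
        self.user_id = user_id
        self._password = password

    def respond(self, salt: bytes, nonce: bytes) -> bytes:
        verifier = make_verifier(self.user_id, self._password, salt)
        return hmac.new(verifier, nonce, "sha256").digest()


def run_exchange(servlet: AuthenticationServlet, user_id: str, password: str) -> bool:
    """One challenge/response round trip between applet and servlet."""
    applet = AuthenticationApplet(user_id, password)
    salt, nonce = servlet.challenge(user_id)
    return servlet.verify(user_id, applet.respond(salt, nonce))


def replay_rejected(servlet: AuthenticationServlet, user_id: str, password: str) -> bool:
    """A captured, valid proof must not authenticate a second time."""
    applet = AuthenticationApplet(user_id, password)
    salt, nonce = servlet.challenge(user_id)
    proof = applet.respond(salt, nonce)
    first = servlet.verify(user_id, proof)
    second = servlet.verify(user_id, proof)     # same proof, nonce already consumed
    return first and not second


def build_demo_servlet() -> AuthenticationServlet:
    """Constructed sample user record; the password is a placeholder."""
    salt = os.urandom(16)
    return AuthenticationServlet(
        {"alice": (salt, make_verifier("alice", "correct horse battery", salt))}
    )


if __name__ == "__main__":
    servlet = build_demo_servlet()
    print("correct password:", run_exchange(servlet, "alice", "correct horse battery"))
    print("wrong password:  ", run_exchange(servlet, "alice", "wrong"))
    print("replay rejected: ", replay_rejected(servlet, "alice", "correct horse battery"))
```

Note the residual risk this design leaves, which is the one the summary addresses by keeping only part of each user's secrets on the global server: the stored verifier is itself enough to answer a challenge, so a compromised keysafe record is password-equivalent for this exchange even though the password was never transmitted.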

Upon selection of a service 110a-110d, the servlet host engine 386 downloads a corresponding applet 388, corresponding configuration data 390 and corresponding user data 392, and may download corresponding service address information 394 to the client computer 114. Configuration data 390 includes information for configuring the user's web browser 284, for configuring the downloaded applets 288, and for configuring the selected service 110a-110d. User data 392 may include user-and-service-specific information such as stored bookmarks, calendar data, pager numbers, etc. which was specifically stored on the global server 106 for easy access. Service address information 394 identifies the location of the services 110a-110d provided in system 100 by the global server 106. The client computer 114 executes the corresponding downloaded applet 288, which via the servlet host engine 386 (possibly using a corresponding servlet 398) enables the user to access and to control the corresponding services 110a-110d. The downloadable applets 388, configuration data 390, user data 392 and service address information 394 may be stored on the data storage device 360.
A keysafe 395 is a data file for storing each user's identification information, each user's public and private keys, each firewall's password information, etc. The keysafe 395 is organized in a linked list format so that, based on the selected service 110a-110d, the global server 106 can retrieve the appropriate firewall's password information, the appropriate user's identification information and keys, etc. The keysafe 395 may be stored on the data storage device 360.
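The keysafe lookup described above, where the selected service determines which firewall credential and which user identity and key the global server retrieves, can be sketched as a store that releases an entry only when the caller's identification strength and channel privacy meet the entry's requirement, and that logs every key use as the summary proposes. This is an added example for this page, not the patent's own code; the entry fields, the numeric assurance levels, the per-entry channel rule and the three sample entries are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed assurance levels (an assumption, not from the patent): how
# strongly the client identified itself to the global server.
PASSWORD, HARDWARE_TOKEN, CERTIFICATE = 1, 2, 3


@dataclass(frozen=True)
class KeysafeEntry:
    service_id: str
    firewall_credential: str     # what the site firewall in front of the service expects
    service_identity: str        # identity the service's own security understands
    private_key: bytes           # user's key for that service (placeholder bytes)
    min_assurance: int           # weakest identification allowed to release the entry
    requires_private_channel: bool = True


@dataclass
class Keysafe:
    """Entries keyed by (user, service) plus an audit log of every release attempt."""
    entries: Dict[Tuple[str, str], KeysafeEntry] = field(default_factory=dict)
    audit_log: List[Tuple[str, str, str]] = field(default_factory=list)

    def store(self, user_id: str, entry: KeysafeEntry) -> None:
        self.entries[(user_id, entry.service_id)] = entry

    def retrieve(self, user_id: str, service_id: str,
                 assurance: int, channel_private: bool) -> KeysafeEntry:
        """Release credentials only when the channel and the strength of the
        user's identification satisfy the entry; log the outcome either way."""
        entry = self.entries.get((user_id, service_id))
        if entry is None:
            self._log(user_id, service_id, "unknown-service")
            raise KeyError(f"no keysafe entry for {user_id}/{service_id}")
        if entry.requires_private_channel and not channel_private:
            self._log(user_id, service_id, "denied-insecure-channel")
            raise PermissionError("entry requires a private channel")
        if assurance < entry.min_assurance:
            self._log(user_id, service_id, "denied-weak-authentication")
            raise PermissionError("identification too weak for this service")
        self._log(user_id, service_id, "released")
        return entry

    def _log(self, user_id: str, service_id: str, outcome: str) -> None:
        self.audit_log.append((user_id, service_id, outcome))


def build_sample_keysafe() -> Keysafe:
    """Constructed entries for one user; credentials are placeholders, not secrets."""
    ks = Keysafe()
    ks.store("alice", KeysafeEntry("email", "fw-company:PLACEHOLDER", "alice@corp", b"k1", HARDWARE_TOKEN))
    ks.store("alice", KeysafeEntry("addressbook", "fw-company:PLACEHOLDER", "alice@corp", b"k2", PASSWORD))
    ks.store("alice", KeysafeEntry("payroll", "fw-company:PLACEHOLDER", "alice@hr", b"k3", CERTIFICATE))
    return ks


def try_retrieve(ks: Keysafe, user_id: str, service_id: str,
                 assurance: int, channel_private: bool) -> str:
    """Attempt a release and return the logged outcome."""
    try:
        ks.retrieve(user_id, service_id, assurance, channel_private)
    except (KeyError, PermissionError):
        pass
    return ks.audit_log[-1][2]


def demo() -> List[str]:
    """Five constructed requests against the sample keysafe."""
    ks = build_sample_keysafe()
    return [
        try_retrieve(ks, "alice", "addressbook", PASSWORD, True),
        try_retrieve(ks, "alice", "email", PASSWORD, True),
        try_retrieve(ks, "alice", "email", HARDWARE_TOKEN, False),
        try_retrieve(ks, "alice", "payroll", CERTIFICATE, True),
        try_retrieve(ks, "alice", "unknown", CERTIFICATE, True),
    ]
```

The audit log is the piece a defender would keep: because every service credential is released through one chokepoint, the log of releases and denials is also the record of which keys a compromised global server account could have reached.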

FIG. 4 is a block diagram illustrating details of a service server 108, such that servers 108a-108c and client 114b are instances of server 108. Server 108 includes a CPU 410 such as a Motorola Power PC® microprocessor or an Intel Pentium® microprocessor. An input device 420 such as a keyboard and mouse, and an output device 430 such as a CRT display are coupled via a signal bus 440 to CPU 410. A communications interface 450, a data storage device 460 such as ROM or a magnetic disk, and a RAM 470 are further coupled via signal bus 440 to CPU 410. The communications interface 450 is coupled to the clients 114 as shown in and described with reference to FIG. 1.

The operating system 480 includes a program for controlling processing by CPU 410, and is typically stored in data storage device 460 and loaded into RAM 470 for execution. Operating system 480 also includes a communications engine 482 for generating and transferring message packets via the communications interface 450 to and from clients 114 or to and from global server 106. Operating system 480 further includes security services 484 for negotiating a secure channel with users, a secure communications engine 486 for opening the secure channel with the users, and a service engine 490 for providing a service 110a-110d to the users.

The service engine 490 includes a service interface 492 for receiving and translating messages to and from downloaded applets 288 currently executing on the client 114, and includes a service processor 494 and service data 496 for processing the service requests from the user. The service data 496 may include previously-generated documents, database information, etc. It will be appreciated that the service data 496 is similar to the user data
392, such that it includes the same type of information, but maintained on the service server 108 instead of on the global server 106.

FIG. 5 is a flowchart illustrating a method 500 enabling a user to access services 110a-110d in computer network system 100. Method 500 begins by the client 114 in step 505 creating a communications link with the global server 106. Step 505 is described in greater detail with reference to FIG. 6. The global server 106 in step 510 confirms that the user has privileges to access the functionality of the global server 106. Confirming user access privileges may include examining a user certificate, obtaining a secret password, using digital signature technology, etc. It will be appreciated that the security services 384 may cause the servlet host engine 386 to forward a security applet 389 via the communications channel to the client 114 for performing user authentication.

After user access privileges are confirmed, the web page engine 387 of the global server 106 in step 515 downloads web page data 391 and configuration data 390 to the client 114. The browser 284 of client 114 in step 520 uses the web page data 391 and the configuration data 390 to display a web page 700 (FIG. 7) on the output device 230 of the client 114 and to enable access to the services 110a-110d which are offered by the global server 106. An example web page 700 is shown and described with reference to FIG. 7.

From the options listed on the web page 700, the user in step 525 via input device 220 selects a service 110a-110d. In response, the servlet host engine 386 of the global server 106 in step 530 downloads the corresponding applet(s) 388, applet configuration data 390, user data 392 and possibly service address information 394 to the client 114. Applet configuration data 390 preferably includes user-specific preferences, such as user-preferred fonts, for configuring the selected service 110a-110d. User data 392 may include user-specific and service-specific information such as stored bookmarks, calendar data, pager numbers, etc. Service address information 394 identifies the location of the selected service 110a-110d. Alternatively, the corresponding applet(s) 388, applet configuration data 390, user data 392 and service address information 394 could have been downloaded in step 515 with the web page data 391 and the configuration data 390.

The applet engine 286 of the client 114 in step 535 executes the corresponding downloaded applet 288. The service server 108 in step 537 initiates the service engine 490. The global server 106 in step 538 selects one of the three modes of access described in FIGs. 8A-8C for enabling the client computer 114 to communicate with the corresponding service engine 490. For example, if the user selects the service 110d on server 108c, which is not protected by a separate firewall, then the global server 106 may provide the user with direct access. If the user selects service 110a provided by server 108a within company network 118, then the global server 106 may access the service 110a as a proxy for the user. It will be appreciated that each firewall 106 and 120 may store policies establishing the proper mode of access the global server 106 should select. Other factors for selecting mode of access may include user preference, availability and feasibility. The global server 106 in step 540 provides the client 114 user with access to the selected service 110a-110d. Step 540 is described in greater detail with reference to FIGs. 8A, 8B and 8C.

FIG. 6 is a flowchart illustrating details of step 505, which begins by the client 114 user in step 605 using a known Uniform Resource Locator (URL) to call the global server 106. The global server 106 and the client 114 in step 607 create a secure communications channel therebetween, possibly by applying Secure Sockets Layer (SSL) technology. That is, the security services 384 of the global server 106 in step 610 determine if in-bound secure communications are permitted and, if so, create a communications channel with the client 114. The browser 284 of the client 114 and the security services 384 of the global server 106 in step 615 negotiate secure communications channel parameters, possibly using public key certificates. An example secure communications channel is RSA with RC4 encryption. It will be appreciated that the global server 106 may be configured to use one of ten encryption protocols and the client 114 may be enabled to use one of five encryption protocols. Step 615 thus may include selecting one of the encryption protocols which is common to both the
global server 106 and the client 114. The encryption engine 285 of the client 114 and secure communications engine 396 of the global server 106 in step 620 use the secure channel parameters to create the secure communications channel. Method 505 then ends.
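The selection in step 615 of an encryption protocol common to the global server's configured set and the client's enabled set is the point where a downgrade can creep in, so it is worth showing how a server makes that choice defensively. The following is an added example for this page, not the patent's own code; the protocol names, their strength figures and the server preference list are constructed assumptions, and the rule of walking the server's list with a minimum-strength floor is the design choice being illustrated.

```python
from typing import Dict, List, Optional

# Constructed catalogue of channel protocols (an assumption for illustration;
# the names and figures are not from the patent). The value is the symmetric
# key length in bits, used here as a coarse strength measure.
PROTOCOL_STRENGTH: Dict[str, int] = {
    "RSA-RC4-40": 40,
    "RSA-RC4-128": 128,
    "RSA-IDEA-128": 128,
    "RSA-3DES-168": 168,
    "DH-3DES-168": 168,
}

# Hypothetical global-server preference list, strongest first.
SERVER_PREFS: List[str] = [
    "RSA-3DES-168", "DH-3DES-168", "RSA-IDEA-128", "RSA-RC4-128", "RSA-RC4-40",
]


def negotiate(server_prefs: List[str], client_offer: List[str],
              minimum_bits: int) -> Optional[str]:
    """Return the first protocol in the *server's* preference order that the
    client also offers and that meets the server's strength floor, or None.

    Walking the server list rather than the client's keeps a client (or anyone
    rewriting its offer in transit) from steering the choice to the weakest
    common option; the floor turns "nothing strong in common" into a refusal
    rather than a silent downgrade.
    """
    offered = set(client_offer)
    for name in server_prefs:
        if name in offered and PROTOCOL_STRENGTH.get(name, 0) >= minimum_bits:
            return name
    return None


def demo() -> Dict[str, Optional[str]]:
    """Constructed client offers covering the interesting cases."""
    return {
        # client lists weak first; the server still picks its own strongest match
        "strong_client": negotiate(
            SERVER_PREFS, ["RSA-RC4-40", "RSA-RC4-128", "RSA-3DES-168"], 128),
        # only an export-grade option in common: refuse rather than downgrade
        "weak_only": negotiate(SERVER_PREFS, ["RSA-RC4-40"], 128),
        # same offer, but policy explicitly permits 40-bit
        "weak_allowed": negotiate(SERVER_PREFS, ["RSA-RC4-40"], 40),
        # unknown name: never matches and never gets a strength
        "unknown": negotiate(SERVER_PREFS, ["NOT-A-PROTOCOL"], 40),
    }
```

In a real SSL handshake the offer and the choice are additionally bound into the authenticated transcript, so that a modified offer is detected; this block only models the selection rule that the patent's step 615 leaves open.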

FIG. 7 illustrates an example URL-addressable Hypertext Markup Language (HTML)-based web page 700, as maintained by the servlet host engine 386. The web page 700 includes a title 710 "Web Page," a listing of the provided services 715 and a pointer 770 for selecting one of the provided services 715. As illustrated, the provided services 715 may include an e-mail service 720, a calendaring service 730, an internet access service 740, a paging service 750 and a fax sending service 760. Although not shown, other services such as bookmarking, QuickCard™, etc. may be included in the web page 700.

FIG. 8A is a flowchart illustrating details of step 540 in a first embodiment, referred to as step 540a, wherein the global server 106 provides the client 114 with a direct connection to the service 110a-110d. Step 540a begins by the downloaded applet 288 in step 805 retrieving the service address 394 of the selected service 110a-110d from data storage device 360 and the authentication information for the service 110a-110d from the keysafe 395. The communications engine 282 in step 810 creates a direct and secure connection with the

uses the authentication information to authenticate itself. The applet 288 in step 815 acts as the I/O interface with the service engine. Step 540a then ends.

FIG. 8B is a flowchart illustrating details of step 540 in a second embodiment, referred to as step 540b, wherein the global server 106 acts for the client 114 as a proxy to the service 110a-110d. Step 540b begins with the applet 288 in step 840 retrieving the "service"

creates a connection with the global server 106. The servlet host engine 386 of the global server 106 in step 850 retrieves the service address of the selected service 110a-110d and the
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autheniicaiion infonnalion for the selected service llOa-l lOd from the keysafe 395. The 
secure communications engine 396 of the global ser\'er 106 in step 855 negotiate secure 
channel parameters for creating a secure channel with the secure communications engine 486 
of the ser\'ice server 108. 
Thereafter, the applet 288 in step 860 acts as the I/O interface (enables the user to make requests of the service engine 490) with the secure communications engine 396 of the global server 106. If the servlet host engine 386 in step 865 determines that it is unauthorized to perform a client 114 user's request, then the servlet host engine 386 in step 870 determines whether the method 540b ends, e.g., whether the user has quit. If so, then method 820b ends. Otherwise, method 540b returns to step 860 to obtain another request. If the servlet host engine 386 in step 865 determines that it is authorized to perform the client 114 user's request, then the servlet host engine 386, possibly using servlets 398, acts as the proxy for the client 114 to the service engine 490. As proxy, the servlet host engine 386 forwards the service request to the service 110a-110d for the applet 288 and forwards responses to the requesting applet 288 currently executing on the client 114. Method 540b then returns to step 870.
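Steps 850 through 870 above, modelled as an added example that is not part of the patent: a Python sketch of the global server acting as an authorizing proxy, where the service key is read from the keysafe only after the per-request privilege check passes and is never returned to the applet. The class names, service addresses, keys and client identities are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Service:
    """Stands in for service engine 490; accepts only the key kept in the keysafe."""
    address: str
    secret: str
    def handle(self, key, request):
        if key != self.secret:
            raise PermissionError("bad credentials presented to service")
        return f"{self.address} handled {request!r}"

@dataclass
class GlobalServer:
    keysafe: dict       # keysafe 395: service name -> (service address, key)
    services: dict      # service address -> Service behind the corporate firewall
    privileges: dict    # security means: client id -> allowed service names
    log: list = field(default_factory=list)

    def proxy(self, client, service, request):
        # step 865: privileges fixed at login are re-checked before the key is read
        if service not in self.privileges.get(client, set()):
            self.log.append(("deny", client, service, request))
            return None
        address, key = self.keysafe[service]                     # step 850
        response = self.services[address].handle(key, request)   # forward
        self.log.append(("allow", client, service, request))
        return response                                          # back to applet

    def session(self, client, requests):
        """Steps 860-870: serve requests until the user quits."""
        responses = []
        for service, request in requests:
            if request == "quit":
                break
            responses.append(self.proxy(client, service, request))
        return responses

def demo():
    """Constructed sample: bob may use e-mail but not the calendar service."""
    services = {s.address: s for s in (Service("mail.example", "k-mail"),
                                       Service("cal.example", "k-cal"))}
    server = GlobalServer(
        keysafe={"email": ("mail.example", "k-mail"), "calendar": ("cal.example", "k-cal")},
        services=services,
        privileges={"alice": {"email", "calendar"}, "bob": {"email"}},
    )
    bob = server.session("bob", [("email", "list inbox"), ("calendar", "list events"),
                                 ("email", "quit"), ("email", "never reached")])
    return server, bob
```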

FIG. 8C is a flowchart illustrating details of step 540 in a third embodiment, referred to as step 540c, wherein the service 110a-110d being requested is located on the global server 106. Step 540c begins with the applet 288 in step 880 retrieving the service address for the service 110a-110d, which results in providing the applet 288 with the service address of the service 110a-110d on the global server 106. Thus, the applet 288 in step 882 creates a secure connection with the global server 106. No additional step of identification and authentication is needed since the client 114 has already identified and authenticated itself to the global server 106 in step 510 of FIG. 5.

In step 884, a determination is made whether the service 110a-110d is currently running. If so, then in step 886 a determination is made whether the service 110a-110d can handle multiple users. If not, then the global server 106 in step 890 creates an instance for the user. The applet 288 in step [illegible] global server 106. Otherwise, if the service 110a-110d in step 886 determines it cannot [illegible] global server 106 determines that the service 110a-110d is not currently running, then the global server 106 in step [illegible] initializes the service 110a-110d and proceeds to step 886.

The foregoing description of the preferred embodiments of the invention is by way of example only, and other variations of the above-described embodiments and methods are provided by the present invention. Components of this invention may be implemented using a programmed general purpose digital computer, using application specific integrated circuits, or using a network of interconnected conventional components and circuits. The embodiments described herein have been presented for purposes of illustration and are not intended to be exhaustive or limiting. Many variations and modifications are possible in light of the foregoing teaching. The invention is limited only by the following claims.
WHAT IS CLAIMED IS:

1. A system comprising:
a communications engine for establishing a communications link with a client;
security means coupled to the communications engine for determining client privileges;
a servlet host engine coupled to the security means for providing to the client, based on the client privileges, an applet which enables I/O with a secured service; and
a keysafe for storing a key which enables access to the secured service.

2. The system of claim 1, wherein the communications engine uses SSL technology to create a secure communications link with the client.

3. The system of claim 1, wherein the communications engine negotiates an encryption protocol for transferring messages to and from the client.

4. The system of claim 1, wherein the communications engine uses public key certificates for transferring messages to and from the client.

5. The system of claim 1, wherein the security means uses public key certificates to authenticate the client.

6. The system of claim 1, wherein the security means examines client identity and the level of authentication to determine client privileges.

7. The system of claim 1, wherein the security means examines a global certificate to authenticate the client.
8. The system of claim 1, wherein the security means uses digital signature technology to authenticate the client.

9. The system of claim 1, wherein the servlet host engine forwards to the client a security applet for enabling the client to perform a security protocol recognized by the security means.

10. The system of claim 1, wherein the service is secured by a corporate firewall and the key is configured to enable communication through the firewall.

11. The system of claim 1, further comprising a global firewall for protecting the system.

12. The system of claim 1, further comprising a service address for identifying the location of the secured service.

13. The system of claim 1, wherein the applet provides to the client a direct connection with the secured service.

14. The system of claim 1, further comprising a proxy in communication with the secured service, and wherein the applet enables I/O with the proxy.
15. A method comprising the steps of:
establishing a communications link with a client;
determining client privileges;
providing to the client, based on the client privileges, an applet which enables I/O with a secured service; and
retrieving a key which enables access to the secured service.

16. The method of claim 15, wherein establishing a communications link includes the step of using SSL technology to create a secure communications link with the client.

17. The method of claim 15, wherein establishing a communications link includes the step of negotiating an encryption protocol for transferring messages to and from the client.

18. The method of claim 15, wherein establishing a communications link includes the step of using public key certificates for transferring messages to and from the client.

19. The method of claim 15, wherein determining client privileges includes the step of using public key certificates to authenticate the client.

20. The method of claim 15, wherein determining client privileges includes the step of examining client identity and the level of authentication to determine client privileges.

21. The method of claim 15, wherein determining client privileges includes the step of examining a global certificate to authenticate the client.

22. The method of claim 15, wherein determining client privileges includes the step of using digital signature technology to authenticate the client.
23. The method of claim 15, wherein establishing a communications link includes forwarding to the client a security applet for enabling the client to perform a recognized security protocol.

24. The method of claim 15, further comprising the step of using the key to communicate through a firewall to the secured service.

25. The method of claim 15, wherein the method is performed by a global server and further comprising using a global firewall to protect the global server.

26. The method of claim 15, further comprising using a service address to identify the location of the secured service.

27. The method of claim 15, wherein providing includes the step of providing to the client a direct connection with the secured service.

28. The method of claim 15, further comprising using a proxy in communication with the secured service, and wherein providing includes enabling I/O with the proxy.

29. A system comprising:
means for establishing a communications link with a client;
means for determining client privileges;
means for providing to the client, based on the client privileges, an applet which enables I/O with a secured service; and
a key which enables access to the secured service.

30. A computer-based storage medium storing a program for causing a computer to perform the steps of:
establishing a communications link with a client;
determining client privileges;
providing to the client, based on the client privileges, an applet which enables I/O with a secured service; and
retrieving a key which enables access to the secured service.